Question: Is aws-cloudfront-s3 added bucket policy repetitive? #43

Closed
robertd opened this issue Aug 19, 2020 · 3 comments

robertd commented Aug 19, 2020

Hello :)

I have a question regarding the aws-cloudfront-s3 construct. I've been experimenting with it, and I noticed some overlap in the attached bucket policies here.

Action s3:GetObject has already been added through the aws-cloudfront module, so I'm not sure why it was added again here. Thanks!

Note: The current aws-cloudfront-s3 uses the older L2 construct of the aws-cloudfront module. See #39.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "HttpsOnly",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "*",
            "Resource": "arn:aws:s3:::static-content-1234567890/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E1VKUUXTUNNAAA"
            },
            "Action": [
                "s3:GetObject*",
                "s3:GetBucket*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::static-content-1234567890",
                "arn:aws:s3:::static-content-1234567890/*"
            ]
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E1VKUUXTUNNAAA"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::static-content-1234567890/*"
        }
    ]
}
@robertd robertd added bug Something isn't working needs-triage The issue or PR still needs to be triaged labels Aug 19, 2020
@robertd robertd changed the title Question: Question: Is aws-cloudfront-s3 added bucket policy repetitive? Aug 19, 2020
@hnishar hnishar removed the needs-triage The issue or PR still needs to be triaged label Aug 19, 2020
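
The overlap described in the post above can be found mechanically by checking whether one statement is fully covered by another. The following is an added example, not part of the issue thread or the project's code; the helper names are hypothetical, and it assumes the broader statement uses only `*` as a wildcard and compares Principal and Condition by plain equality.

```python
import re

# Constructed input: the bucket policy quoted in the issue, compacted.
OAI = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E1VKUUXTUNNAAA"
BUCKET = "arn:aws:s3:::static-content-1234567890"
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "HttpsOnly", "Effect": "Deny", "Principal": "*", "Action": "*",
     "Resource": BUCKET + "/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Effect": "Allow", "Principal": {"AWS": OAI},
     "Action": ["s3:GetObject*", "s3:GetBucket*", "s3:List*"],
     "Resource": [BUCKET, BUCKET + "/*"]},
    {"Effect": "Allow", "Principal": {"AWS": OAI},
     "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def matches(pattern, value, ignore_case=False):
    # Only '*' is treated as a wildcard; the narrower value is compared as a
    # literal string, which is exact as long as broader patterns avoid '?'.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def covered(patterns, values, ignore_case=False):
    return all(any(matches(p, v, ignore_case) for p in as_list(patterns))
               for v in as_list(values))

def subsumes(broad, narrow):
    """True if `broad` already grants or denies everything `narrow` does."""
    keys = ("NotAction", "NotResource", "NotPrincipal")
    if any(k in s for s in (broad, narrow) for k in keys):
        return False  # negated elements are out of scope for this check
    return (broad["Effect"] == narrow["Effect"]
            and broad["Principal"] == narrow["Principal"]
            and broad.get("Condition") in (None, narrow.get("Condition"))
            and covered(broad["Action"], narrow["Action"], ignore_case=True)
            and covered(broad["Resource"], narrow["Resource"]))

def redundant_statements(policy):
    """Return (narrow_index, broad_index) pairs; identical twins are reported once."""
    stmts = as_list(policy["Statement"])
    return [(i, j) for i, n in enumerate(stmts) for j, b in enumerate(stmts)
            if i != j and subsumes(b, n) and not (subsumes(n, b) and i < j)]

if __name__ == "__main__":
    for narrow, broad in redundant_statements(POLICY):
        print(f"Statement[{narrow}] is already covered by Statement[{broad}]")
```

On the quoted policy this reports only the third statement (index 2) as covered by the second; the `HttpsOnly` Deny is never paired with an Allow because the effects differ.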
Contributor

hnishar commented Aug 19, 2020

robertd@, I noticed the same as well when migrating to the new cloudfront L2 construct. It will be fixed with the migration issue.

Author

robertd commented Aug 19, 2020

@hnishar Thanks for confirming this.

@hnishar hnishar self-assigned this Aug 25, 2020
@hnishar hnishar added in-progress This issue is being actively worked on and removed in-progress This issue is being actively worked on labels Oct 16, 2020
Contributor

hnishar commented Oct 17, 2020

The fix has been pushed out in the latest release, v1.68.0.

@hnishar hnishar closed this as completed Oct 17, 2020